From 480761a3bdaa55bf8c966e4dab950ebf84775863 Mon Sep 17 00:00:00 2001 From: Quentin Armitage Date: Fri, 9 Aug 2013 12:26:33 +0100 Subject: Add specifying protocol for bitmap:port Signed-off-by: Jozsef Kadlecsik --- src/ipset.8 | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'src/ipset.8') diff --git a/src/ipset.8 b/src/ipset.8 index 4353b9f..d7fa964 100644 --- a/src/ipset.8 +++ b/src/ipset.8 @@ -391,22 +391,25 @@ and such a set can store up to 65536 ports. .PP \fICREATE\-OPTIONS\fR := \fBrange\fP \fIfromport\fP\-\fItoport [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] .PP -\fIADD\-ENTRY\fR := { \fIport\fR | \fIfromport\fR\-\fItoport\fR } +\fIADD\-ENTRY\fR := { \fI[proto:]port\fR | \fI[proto:]fromport\fR\-\fItoport\fR } .PP \fIADD\-OPTIONS\fR := [ \fBtimeout\fR \fIvalue\fR ] [ \fBpackets\fR \fIvalue\fR ] [ \fBbytes\fR \fIvalue\fR ] .PP -\fIDEL\-ENTRY\fR := { \fIport\fR | \fIfromport\fR\-\fItoport\fR } +\fIDEL\-ENTRY\fR := { \fI[proto:]port\fR | \fI[proto:]fromport\fR\-\fItoport\fR } .PP -\fITEST\-ENTRY\fR := \fIport\fR +\fITEST\-ENTRY\fR := \fI[proto:]port\fR .PP Mandatory options to use when creating a \fBbitmap:port\fR type of set: .TP -\fBrange\fP \fIfromport\fP\-\fItoport\fR +\fBrange\fP \fI[proto:]fromport\fP\-\fItoport\fR Create the set from the specified inclusive port range. .PP The \fBset\fR match and \fBSET\fR target netfilter kernel modules interpret the stored numbers as TCP or UDP port numbers. .PP +\fBproto\fR only needs to be specified if a service name is used, +and that name does not exist as a TCP service. +.PP Examples: .IP ipset create foo bitmap:port range 0\-1024 @@ -414,6 +417,8 @@ ipset create foo bitmap:port range 0\-1024 ipset add foo 80 .IP ipset test foo 80 +.IP +ipset del foo udp:[macon-udp]-[tn-tl-w2] .SS hash:ip The \fBhash:ip\fR set type uses a hash to store IP host addresses (default) or network addresses. Zero valued IP address cannot be stored in a \fBhash:ip\fR -- cgit v1.2.3